RFC 5288 describes the use of AES in Galois Counter Mode (GCM) (AES-GCM) with various key exchange mechanisms as a cipher suite for TLS. AES-GCM is an authenticated encryption with associated data (AEAD) cipher (as defined in TLS 1.2) providing both confidentiality and data origin authentication.
Java SE 7 already defined the AES-GCM interfaces. In the coming Java SE 8, as an implementation of JEP 115, the AES-GCM algorithms are implemented in the SunJCE provider, and the AES-GCM cipher suites are implemented in the SunJSSE provider.
The following SSL/TLS AEAD/GCM cipher suites, in preference order, are enabled by default in the SunJSSE provider for TLS version 1.2:
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (RFC 5289)
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_RSA_WITH_AES_256_GCM_SHA384 (RFC 5288)
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (RFC 5289)
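To check this list against the JRE you actually run, the following added example (not code from the original post; the class name GcmSuiteCheck is hypothetical) prints the GCM suites SunJSSE enables by default, flags any suite listed above that is not enabled, and restricts an unconnected socket to GCM suites only.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// GcmSuiteCheck is a hypothetical class name used for this added example.
public class GcmSuiteCheck {
    // Suites named in the post, in the order the post lists them.
    static final List<String> LISTED = Arrays.asList(
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384");

    // Keep only GCM suites, preserving the provider's preference order.
    static List<String> gcmOnly(String[] suites) {
        List<String> out = new ArrayList<>();
        for (String s : suites) {
            if (s.contains("_GCM_")) out.add(s);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // provider defaults for keys, trust, randomness
        List<String> enabled = gcmOnly(ctx.getDefaultSSLParameters().getCipherSuites());
        System.out.println("GCM suites enabled by default, in preference order:");
        for (String s : enabled) System.out.println("  " + s);
        for (String s : LISTED) {
            if (!enabled.contains(s)) System.out.println("listed in the post but not enabled here: " + s);
        }
        // Fail closed rather than silently fall back to non-AEAD suites.
        if (enabled.isEmpty()) throw new IllegalStateException("no AES-GCM suite enabled");
        // createSocket() with no arguments returns an unconnected socket: no network I/O.
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket()) {
            SSLParameters params = socket.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.2"}); // these GCM suites are TLS 1.2 suites
            params.setCipherSuites(enabled.toArray(new String[0]));
            socket.setSSLParameters(params);
            System.out.println("socket restricted to: " + Arrays.toString(socket.getEnabledCipherSuites()));
        }
    }
}
```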
The "unrecognized_name" alert is an error alert defined by RFC 4366. In section 4 of RFC 4366:
- "unrecognized_name": this alert is sent by servers that receive a server_name extension request, but do not recognize the server name. This message MAY be fatal.
And in section 3.1 of RFC 4366:
If the server understood the client hello extension but does not recognize the server name, it SHOULD send an "unrecognized_name" alert (which MAY be fatal).
From the above sections, we see that "unrecognized_name" is related to "the server name" or "server_name" extensi…
The implementation of JEP 114 (TLS Server Name Indication (SNI) Extension) was integrated into JDK 8 in October 2012. This blog entry will talk about some useful behavior changes and use cases that make use of the SNI extension. Please refer to the javax.net.ssl package of the JDK 8 APIs for the detailed specification.
The SNI extension in client mode
In JDK 7, if an SSL/TLS connection specifies the hostname of the server, and the hostname is a fully qualified domain name (FQDN), the hostname is implicitly used as the default server name indication in the ClientHello message.
For example:
SSLSocketFactory factory = ...
SSLSocket sslSocket = (SSLSocket) factory.createSocket("www.example.com", 443);
the hostname, "www.example.com", will appear in the server name indication extension in the ClientHello message.
While for
SSLSocketFactory factory = ...
SSLSocket sslSocket = (SSLSocket) factory.createSocket("172.16.10.6", 443);
as the hostname is an IP address, no server name indi…